From 8a4c01a1839e0f4956b1e7e908d338cc614f6804 Mon Sep 17 00:00:00 2001
From: c2065864 <barnards3@cardiff.ac.uk>
Date: Thu, 9 Dec 2021 16:01:24 +0000
Subject: [PATCH] Fixed staff member validation, changed some redirects to be up to date
---
 .../service/Utils/CheckUserOwner.java | 28 +++++++++++++++++++
 .../clientproject/services/UserLinked.java | 18 ++++++++++++
 .../signUpAndIn/SignInController.java | 17 ++++++-----
 src/main/resources/static/js/manageStaff.js | 4 ++-
 src/main/resources/templates/admin.html | 2 +-
 .../fragments/businessInformation.html | 2 +-
 6 files changed, 59 insertions(+), 12 deletions(-)
 create mode 100644 src/main/java/com/example/clientproject/service/Utils/CheckUserOwner.java
diff --git a/src/main/java/com/example/clientproject/service/Utils/CheckUserOwner.java b/src/main/java/com/example/clientproject/service/Utils/CheckUserOwner.java
new file mode 100644
index 0000000..82b55bc
--- /dev/null
+++ b/src/main/java/com/example/clientproject/service/Utils/CheckUserOwner.java
@@ -0,0 +1,28 @@
+package com.example.clientproject.service.Utils;
+
+import com.example.clientproject.data.shops.Shops;
+import com.example.clientproject.data.userPermissions.UserPermissions;
+import com.example.clientproject.data.userPermissions.UserPermissionsRepo;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+@Component
+public class CheckUserOwner {
+
+ @Autowired
+ UserPermissionsRepo permissionsRepo;
+
+ public boolean checkOwner(int userId, int shopId){
+ List<UserPermissions> permissions = permissionsRepo.findByShopID(shopId);
+
+ for(UserPermissions u:permissions){
+ if(u.getUser().getUserId() == userId){
+ if(u.getAdminType().getAdminTypeId() == 2){
+ return true;
+ }
+ }
+ }return false;
+ }
+}
diff --git a/src/main/java/com/example/clientproject/services/UserLinked.java b/src/main/java/com/example/clientproject/services/UserLinked.java
index ce19265..173162d 100644
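Review bot: The admin-type id `2` in checkOwner is a magic number, and the same literal is repeated in the two new UserLinked methods (isAnyAdmin, userAdminShopId) in the next hunk; one shared named constant, e.g. `private static final int OWNER_ADMIN_TYPE_ID = 2;`, would keep the three authorization checks from drifting apart. The `Shops` import is unused. Because this bean is the check that gates the admin template, it deserves a Javadoc stating that it returns true only when the given user holds admin type 2 on the given shop, and false in every other case, including when the user has no link to that shop at all. Field injection through a package-private `@Autowired` field also differs from the constructor injection SignInController uses; a constructor parameter would make the dependency explicit and final.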
--- a/src/main/java/com/example/clientproject/services/UserLinked.java
+++ b/src/main/java/com/example/clientproject/services/UserLinked.java
@@ -30,4 +30,22 @@ public class UserLinked {
 } }
 return false;
 }
+
+ public boolean isAnyAdmin(int userId){
+ List<UserPermissions> allLinks = userPermRepo.findByUserId(userId);
+ for(UserPermissions u:allLinks){
+ if(u.getAdminType().getAdminTypeId() == 2){
+ return true;
+ }
+ }return false;
+ }
+
+ public int userAdminShopId(int userId){
+ List<UserPermissions> allLinks = userPermRepo.findByUserId(userId);
+ for(UserPermissions u:allLinks){
+ if(u.getAdminType().getAdminTypeId() == 2){
+ return (int) u.getShop().getShopId();
+ }
+ }return 0;
+ }
 }
diff --git a/src/main/java/com/example/clientproject/web/controllers/signUpAndIn/SignInController.java b/src/main/java/com/example/clientproject/web/controllers/signUpAndIn/SignInController.java
index c6bda81..fa58652 100644
--- a/src/main/java/com/example/clientproject/web/controllers/signUpAndIn/SignInController.java
+++ b/src/main/java/com/example/clientproject/web/controllers/signUpAndIn/SignInController.java
@@ -11,6 +11,7 @@ import com.example.clientproject.service.dtos.UsersDTO;
 import com.example.clientproject.service.searches.UsersSearch;
 import com.example.clientproject.services.BusinessRegisterDTO;
 import com.example.clientproject.services.BusinessRegisterSaver;
+import com.example.clientproject.services.UserLinked;
 import com.example.clientproject.services.UserShopLinked;
 import com.example.clientproject.web.forms.BusinessRegisterForm;
 import com.example.clientproject.web.forms.signUpAndIn.LoginForm;
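Review bot: userAdminShopId reports "no admin link" with the sentinel `0`, and its only visible caller (SignInController, next hunks) first calls isAnyAdmin and then userAdminShopId, so the same permission list is fetched and scanned twice per sign-in; returning `java.util.OptionalInt` removes the sentinel and lets callers do a single lookup, with isAnyAdmin reducing to `userAdminShopId(userId).isPresent()`. Both methods return the first admin-type link in repository order, so a user who administers several shops lands on whichever row comes first; the code removed from SignInController special-cased shop id 1, and that behaviour is silently gone here. The `(int)` cast narrows what appears to be a `long` shop id; harmless if ids stay small, but an `OptionalLong` would avoid the cast altogether. The enclosing class UserLinked starts outside this hunk.
```java
public OptionalInt userAdminShopId(int userId){
    return userPermRepo.findByUserId(userId).stream()
            .filter(u -> u.getAdminType().getAdminTypeId() == 2)
            .mapToInt(u -> (int) u.getShop().getShopId())
            .findFirst();
}
// isAnyAdmin(userId) then becomes: return userAdminShopId(userId).isPresent();
```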
@@ -35,20 +36,20 @@ public class SignInController {
 private JWTUtils jwtUtils;
- private UserShopLinked userShopLinked;
+ private UserLinked userLinked;
 private UserPermissionsRepo userPermissionsRepo;
 private CategoriesRepo catRepo;
 public SignInController(UsersSearch aUsersSearch,
 BusinessRegisterSaver sBusiness,
 JWTUtils ajwtUtils,
- UserShopLinked aUserShopLinked,
+ UserLinked aUserShopLinked,
 UserPermissionsRepo aUserPermissionsRepo,
 CategoriesRepo aCatRepo) {
 usersSearch = aUsersSearch;
 saveBusiness = sBusiness;
 jwtUtils = ajwtUtils;
- userShopLinked = aUserShopLinked;
+ userLinked = aUserShopLinked;
 userPermissionsRepo = aUserPermissionsRepo;
 catRepo = aCatRepo;
 }
@@ -72,12 +73,10 @@ public class SignInController {
 }
 //System.out.println(userShopLinked.hasShop(jwtUtils.getLoggedInUserId(session).get()));
- if(userShopLinked.hasShop(jwtUtils.getLoggedInUserId(session).get())){
- long userId = jwtUtils.getLoggedInUserId(session).get();
- long shopId = userPermissionsRepo.findByUserId(userId).get(0).getShop().getShopId();
- if(shopId == 1){
- shopId = userPermissionsRepo.findByUserId(userId).get(1).getShop().getShopId();
- }
+ if(userLinked.isAnyAdmin(jwtUtils.getLoggedInUserId(session).get())){
+
+ int shopId = userLinked.userAdminShopId(jwtUtils.getLoggedInUserId(session).get());
+
 return "redirect:/redirect?url=businessDetails?shopId="+shopId;
 }
 List<Categories> categories = catRepo.findAll();
diff --git a/src/main/resources/static/js/manageStaff.js b/src/main/resources/static/js/manageStaff.js
index 2d51943..7006bf1 100644
--- a/src/main/resources/static/js/manageStaff.js
+++ b/src/main/resources/static/js/manageStaff.js
@@ -10,6 +10,8 @@ function submit(shopId, email={"value":""}){
 document.getElementsByName("staffEmail").forEach(x => emailArray.push(x.innerHTML))
+ console.log(emailArray)
+
 if(emailArray.includes(emailValue)){
 document.getElementById("emailErrorField").innerHTML = "User already added"
 return
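Review bot: The new branch in the second hunk calls `jwtUtils.getLoggedInUserId(session).get()` twice and has userLinked fetch and scan the user's permission list twice (isAnyAdmin, then userAdminShopId); `int shopId = userLinked.userAdminShopId(jwtUtils.getLoggedInUserId(session).get());` followed by `if(shopId != 0){` does the same work with one lookup, since 0 is that method's no-admin sentinel. The unchecked `.get()` is presumably guarded by the check that closes at the `}` opening this hunk, but the enclosing method starts outside the hunk, so that is worth confirming. After the removal of the findByUserId lines, userPermissionsRepo looks unused in this controller, and the constructor hunk above keeps the parameter name `aUserShopLinked` for what is now a UserLinked — both worth tidying so the field and name do not outlive their purpose. The `/redirect?url=` handler is outside this diff; shopId here is an int taken from the user's own permission row, so nothing untrusted enters the URL, but that endpoint should only ever accept application-relative targets.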
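Review bot: `console.log(emailArray)` looks like leftover debugging; it writes every listed staff e-mail address to the browser console on each submit and should be removed before merge. The duplicate check it sits next to only compares what the page currently shows, so it is a convenience for the user and the server must still reject an e-mail that is already linked to the shop. Reading `x.innerHTML` rather than `x.textContent` for the comparison also means an address containing `&` is compared in its escaped form; that line is context here, not part of the change. The enclosing submit function begins outside this hunk.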
@@ -42,7 +44,7 @@ function submit(shopId, email={"value":""}){
 document.getElementById("staffManagement").innerHTML+= `<div id="staffManagement">
 <div class="staffManagementContainer">
- <p class="subtitle is-6" style="width:50%; margin-bottom: 0">${emailValue}</p>
+ <p class="subtitle is-6" name="staffEmail" style="width:50%; margin-bottom: 0">${emailValue}</p>
 <button class="button is-danger is-outlined" style="border-bottom: 1px solid" onclick="submit(${document.getElementById("shopId").value},this);">
 <span class="icon is-small">
diff --git a/src/main/resources/templates/admin.html b/src/main/resources/templates/admin.html
index 1afe419..6aaaf60 100644
--- a/src/main/resources/templates/admin.html
+++ b/src/main/resources/templates/admin.html
@@ -73,7 +73,7 @@
 <div th:replace="fragments/businessInformation :: keyInformation"></div>
 <div th:replace="fragments/userSocials.html :: userSocial"/>
 <br>
- <th:block th:if="${highestShopLevel>=2}">
+ <th:block th:if="${@checkUserOwner.checkOwner(loggedInUser.userId, shop.shopId)}">
 <div th:replace="fragments/manageStaff.html :: manageStaffMembers"/>
 <div th:replace="fragments/deleteShop.html :: deleteShop"/>
 <div th:replace="fragments/toggleShop.html :: toggleShop"/>
diff --git a/src/main/resources/templates/fragments/businessInformation.html b/src/main/resources/templates/fragments/businessInformation.html
index 45b6b7e..87c4ca4 100644
--- a/src/main/resources/templates/fragments/businessInformation.html
+++ b/src/main/resources/templates/fragments/businessInformation.html
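Review bot: The new `<p class="subtitle is-6" name="staffEmail" …>${emailValue}</p>` line interpolates the typed e-mail straight into a string that is assigned through `innerHTML+=`, so any markup in emailValue is parsed as HTML; build the paragraph with `document.createElement("p")` and assign `textContent = emailValue` (or HTML-escape the value before interpolating it) so the address is always treated as text. `name` is not a valid attribute on `<p>`; `getElementsByName` does match it in current browsers, but a class or a `data-staff-email` attribute read with querySelectorAll is the supported way to tag these elements. The surrounding `innerHTML +=` also re-parses the whole staffManagement container on every add and nests a second `id="staffManagement"` inside the element of the same id — context rather than part of this change, but it is the reason the escaping matters for every row, not just the newest one. The enclosing submit function starts outside this hunk.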
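Review bot: The `th:if` now calls `@checkUserOwner.checkOwner(loggedInUser.userId, shop.shopId)` before rendering the manage-staff, delete-shop and toggle-shop fragments, but a template condition only hides the controls; unless the handlers those fragments post to apply the same owner check (they are outside this diff), a non-owner can still invoke them directly, so the check belongs in the controllers as well. The `highestShopLevel` model attribute the old condition used may now be dead in the controller that renders admin.html — worth confirming it is either still needed or removed. checkOwner takes `int` parameters while shop ids appear to be `long` (UserLinked casts them), so this relies on SpEL's numeric conversion; widening the parameters to `long`, or a one-line comment on the bean method stating the expected id types, would make that explicit.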
@@ -11,7 +11,7 @@
 <input type="text" th:value="${shop.shopName}" id="nameInput" class="input">
 <p class="subtitle is-6" style="margin-bottom:3px;margin-top: 10px">Description</p>
- <textarea class="textarea" id="descriptionInput" th:text="${shop.shopDescription}" cols="30" rows="10"></textarea>
+ <textarea class="textarea" id="descriptionInput" maxlength="250" th:text="${shop.shopDescription}" cols="30" rows="10"></textarea>
 <p class="subtitle is-6" style="margin-bottom:3px;margin-top: 10px">Banner</p>
 <img class="mb-3" id="bannerPreview" th:src="${shop.shopBanner}" style="margin-top: 5px; max-height: 100px">
--
GitLab
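Review bot: `maxlength="250"` on the description textarea is enforced only by the browser; a request built outside the form can still submit a longer description, so the same bound needs to exist where shopDescription is received and saved (for example `@Size(max = 250)` on the receiving field if Bean Validation is in use, or an explicit length check before persisting) — that handler is outside this diff. A short note next to the attribute, e.g. `<!-- mirror of the server-side description length limit; keep both in sync -->`, would tie the two limits together for the next person who changes one of them.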